CVE-2025-32433

Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

CVSS 10 (Critical) · EPSS 97.7% · KEV · CWE-306
In short

Erlang/OTP's SSH server has a critical flaw that allows attackers to run commands on affected systems without a password or any valid login credentials. This is a severe risk because anyone who can reach the SSH service over the network can potentially take control of the server.

Technical detail

A flaw in SSH protocol message handling in Erlang/OTP versions prior to OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20 permits unauthenticated remote code execution. Exploitation requires only network access to the SSH server, not prior authentication: an attacker can abuse the improper message validation to execute arbitrary commands with the privileges of the SSH server process.

Summary generated and translated by AI from the official description.

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to block access to it with firewall rules.
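Both the technical detail and the official description identify the affected releases only by version, so the first triage step is a branch-aware version comparison. The following is an added example, not code from the advisory or from the Erlang/OTP project; it assumes the reader's inventory records versions as "OTP-26.2.5.10" or "26.2.5.10", treats branches newer than 27 as fixed and anything older than 25 as affected (matching "prior to"), and checks versions only, not whether the `ssh` application is actually running.

```python
"""Version-based triage for CVE-2025-32433 (added example, not advisory code)."""
import re

# Fixed releases per maintenance branch, taken from the advisory text.
FIXED = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}


def parse_otp_version(text: str) -> tuple[int, ...]:
    """Turn "OTP-26.2.5.10" or "26.2.5.10" into a comparable tuple of ints.

    The accepted input format is an assumption about the inventory source.
    """
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(text: str) -> bool:
    """True when this OTP release predates the fix on its branch.

    Assumptions: branches newer than 27 carry the fix; branches older
    than 25 are treated as affected, per "prior to" in the advisory.
    """
    version = parse_otp_version(text)
    major = version[0]
    if major > max(FIXED):
        return False
    if major < min(FIXED):
        return True
    # Tuple ordering handles short strings: (26, 2, 5) < (26, 2, 5, 11).
    return version < FIXED[major]


def triage(inventory: dict[str, str]) -> list[str]:
    """Return the hosts whose recorded OTP version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "node-a": "OTP-26.2.5.10",
        "node-b": "OTP-26.2.5.11",
        "node-c": "27.3.2",
        "node-d": "OTP-24.3.4",
        "node-e": "28.0",
    }
    for host in triage(sample):
        print(f"{host}: {sample[host]} is affected by CVE-2025-32433")
```

A host that passes this check can still be exposed if it runs an unpatched OTP alongside the one in the inventory, so confirm the version of the actual runtime serving SSH.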
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
erlang · otp
Public PoCs found: 39
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
